Privacy Notice

Purposes of Personal data processing of AST are related to the commercial activity of AST and functions performed within the framework of it. AST processes Personal data for the following purposes:

• Preparation, conclusion and administration of contracts;
• Staff recruitment and management;
• Provision of effective company management processes;
• Business planning and analytics;
• Organisation of procurements and auctions;
• Informing the public about the activities of AST;
• Reviewing and processing applications, submissions;
• Compliance with the requirements of regulatory enactments (for example, the Labour Law, the Labour Protection Law, the Archives Law, the Procurement Law, the Law “On Prevention of Conflict of Interest in the Activities of Public Officials”, Cabinet Regulation No. 500 of 19 August 2014 “General Construction Regulations”);
• Security and law enforcement:
  • AST IT system audit maintenance;
  • Prevention and investigation of IT security incidents (for example, in the case of unauthorised external access to AST IT systems, any sites or applications), as well as any type of malicious activity on AST IT systems, any sites or applications (for example, DDoS attack);
  • Prevention and investigation of breaches of personal data processing (such as illegal access to AST premises);
  • security in AST premises, on the territory of AST sites or at AST sites, including the performance of video surveillance and implementation of access control (for example, issuing of passes);
  • provision of information to public authorities and other persons, such as the police, the State Audit Office or archives.
• Protection of the vital interests of individuals, including life and health.

AST processes personal data based on the following legal grounds:

• Fulfilment of legal obligation established by law and regulations;
• Ensuring legitimate interests:
  • Prevention or detection of criminal offences related to the protection of property and the protection of vital human interests, including life and health;
  • Assessment of the compliance of the personnel's actions with the electrical safety regulations with the aim to ensure the protection of the health and life of the personnel;
  • Effective work organisation and promotion of transparency;
  • Informing the public about the activities and news of AST;
  • Staff recruitment and management;
  • Provision of effective company management processes;
  • Business planning and analytics;
  • Informing the public about our activities;
  • Reviewing and processing applications, submissions.
• Conclusion or performance of contracts;
• Protection of the vital interests of individuals, including life and health;
• Performance of tasks that AST performs in the public interest or implementing the official authorities legally granted to the controller;
• Consent of the data subject.

Categories of personal data subjects

AST mainly processes the following categories of Personal Data Subjects:

• Current and former AST employees, as well as those who have applied for vacancies;
• Visitors to the AST territory and sites and participants of the events organised by AST;
• Persons available at AST sites or adjacent areas, entering the video surveillance area;
• Users of information systems, websites and technical solutions;
• Procurement participants;
• Participants of auctions.

Categories of personal data

AST mainly processes the following categories of Personal Data Subjects:

Name, Surname, personal identity number, address, education and qualification documents, photo images, video recordings, audit records, audio recordings, telephone numbers, e-mail addresses, mandatory health examination data, GPS data of company cars, information related to records of the employee and visitor identification cards and their use.

AST stores personal data according to the defined purposes of personal data processing and requirements of the laws and regulations, while at least one of the following criteria exists:

• AST can exercise its legitimate interests in accordance with the procedures specified in the external laws and regulations;
• a legal obligation for AST to store the data exists;
• consent given by the data subject for the relevant processing of personal data is in force, unless another legal basis for processing is in place.

Cookies are text files that are placed in the browser of the website user to improve performance of the website. Saved cookies allow us to recognise the computer of the user.

AST uses cookies for the following purposes:

• to ensure website functionality;
• to obtain statistical data on the flow of visitors to the website - the number of visitors, time spent on the website;
• improvement of efficiency of the operation of the website.

The server hosting the AST website registers the requests sent by the website visitor (open web addresses, device and browser used, IP address, access time). This data is used for technical purposes only to ensure the proper functioning and security of the website. AST does not use cookies to track user habits, therefore, AST informs you about the use of cookies, but does not require consent of the data subject to place cookies, in accordance with the requirements of regulatory enactments.

The AST website may contain third-party cookies, in particular google analytics. The Google analytics tool is powered by Google Inc. (US company) that has access to the statistics collected by this tool. Google Inc. has adhered to the principles of the EU-US Privacy Policy (EU-US Privacy List, which confirms that a service provider complies with EU-required privacy standards). This service provider is also subject to contractual obligations designed to ensure privacy.

The data subject may delete the cookies of his choice (for more information - www.AboutCookies.org and/or www.youronlinechoices.com/).

The data subject may delete all cookies already stored on its computer and may set the browser to prevent them from being stored, which should be set manually each time you visit the website, as a result of which some services and website features may stop operating.

In certain cases AST may disclose the Personal Data to the following recipients of Personal Data, unless this conflicts with the applicable laws and regulations:

• employees and authorised persons of AST, who process the Personal Data specified in this privacy statement on behalf of AST within the scope of their competence and work tasks;
• persons involved in the commercial activity of AST, including but not limited to:
  • information system maintainers and their service providers;
  • contractors (for example, construction contractors who receive the Personal Data of real estate owners);
  • research service providers;
  • postal and logistics service providers;
  • insurance service providers.
• law enforcement institutions, other state institutions and public persons and similar persons, if it is determined in regulatory enactments (for example, the court, the police, the Prosecutor's Office, the State Revenue Service, notaries);
• in addition, AST may receive information about you from third parties, such as: the state and municipal authorities (for example, Land Register, Cadastre IS, municipalities, archives, Office of Citizenship and Migration Affairs).

In some cases, AST may transfer Personal Data outside the European Union, for example when using data storage solutions that provide data storage services outside the European Union, or by engaging third parties to assist AST in carrying out its business tasks. Depending on the circumstances, AST may opt for the specific safeguards for the protection of personal data set out in the Regulation, such as the conclusion of standard clauses with the recipient of the personal data. You have the right to review or obtain information about these warranties by using the contact information provided by AST in this privacy statement.

In order to receive information on personal data processed by AST on the data subject, the data subject should submit an application:

• in person in writing at the AST office in Riga, at Dārzciema iela 86, LV-1073, presenting a personal identity document;
• signed with a secure electronic signature, sending to the electronic mail address [email protected].

The Data Subject has the right to request to restrict the processing of Personal Data, object to the processing of Personal Data, erase personal data or request rectification of Personal Data in accordance with the provisions of the Regulation.

AST communicates with the data subject, using the contact details indicated by the data subject (telephone number, e-mail address, postal address).

If the data subject considers that the data subject's right to protection of personal data has been violated, the data subject is entitled to submit a complaint to the Personal Data Supervisory Authority.

If the processing of Personal Data has been initiated and takes place in accordance with the consent of the data subject, the data subject has the right to revoke it.

Revocation of the consent does not affect processing of data carried out while the consent of the data subject was effective.

Withdrawal of the consent cannot terminate the processing of Personal data that is carried out based on other legal grounds.

AST has the right to make changes to this privacy statement at any time, which shall be published on the website www.ast.lv.